Reputation: 105
I have the following problem when I try to update the Username value via an HTML form. Here is my HTML form:
<form action="namechanging.php" method="post">
  <br>
  <fieldset>
    <span class="ico user-ico"></span>
    <input name="ingamename" type="text" class="field" value="Example: John_Doe" title="Example: John_Doe" />
  </fieldset>
  <center><input name="submit" type="submit" class="submit btn blue-btn" value="Change Name" /></center>
</form>
Here is my namechanging.php file:
<?php
session_start();
$_SESSION['ingamename'] = $_POST['ingamename'];
$newingamename = $_SESSION['ingamename'];
$nc = $_SESSION['nc'];
if($nc < 1){
    $updateresult = '<strong>Error:</strong> You do not have any name changes left. Donate for more...';
    header("Location: ucp-home-error.php");
}
else {
    $con=mysqli_connect("localhost","USERNAME","PASS","DB-NAME");
    if (mysqli_connect_errno())
    {
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
    }
    $newnc = $nc - 1;
    mysqli_query($con,"UPDATE users SET Username=$newingamename WHERE Username='$_SESSION[user]' ");
    mysqli_query($con,"UPDATE users SET NameChanges=$newnc WHERE Username='$_SESSION[user]'");
    $updateresult = 'Your In-Game Name was changed successfully. Please re-log!';
    header("Location: ucp-home-success.php");
}
mysqli_close($con);
$_SESSION['updateresult'] = $updateresult;
?>
It works removing -1 from $nc, but it is not changing the username. You should also know that the username is saved in the session, and that is the username with which I've logged into an authentication page. Here is my auth.php file:
<?php
include("sql.php");
session_start();
function Destroy() {
    unset($_SESSION['UID']);
    unset($_SESSION['USERNAME']);
    unset($_SESSION['FULL NAME']);
    header("location: account-log-in-restricted.php");
}
if(isset($_SESSION['UID']) && isset($_SESSION['USERNAME'])) {
    $UID = $_SESSION['UID'];
    $username = $_SESSION['USERNAME'];
    $qry = mysql_query("SELECT * FROM `users` WHERE `UID` = '$UID' AND `Username` = '$username'");
    if(mysql_num_rows($qry) != 1) { Destroy(); }
} else { Destroy(); }
?>
Upvotes: 0
Views: 249
Reputation: 26353
It's probably choking on this:
mysqli_query($con,"UPDATE users WHERE Username='$_SESSION[user]' SET Username=$newingamename");
                                              1 ^^^^^^^^^^^^^               2 ^^^^^^^^^^^^
In (1), that's the equivalent of saying $_SESSION[user] when what you want is $_SESSION['user'] (with the quotes around user).
In (2), you need to put single quotes around the $newingamename.
Note: The remainder was edited from the original answer to (a) consolidate the PHP and MySQL fixes and (b) recast using mysqli parameter binding for code safety.
Also, the MySQL query is wrong: SET comes before WHERE.
Putting this all together, and using mysqli binding parameters for code (and career) security, you get this:
$stmt = mysqli_prepare($con, 'UPDATE users SET username=? WHERE username = ?');
mysqli_stmt_bind_param($stmt, 'ss', $newingamename, $_SESSION['user']);
mysqli_stmt_execute($stmt);
Make similar changes for the other UPDATE.
Upvotes: 1
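A fuller version of namechanging.php along the lines the answer recommends, as an added example that is not part of the original question or answer. It assumes the users table has the UID, Username and NameChanges columns seen in the question, that auth.php has stored the logged-in row's UID in $_SESSION['UID'], and a name pattern guessed from the form's "John_Doe" hint; the redirect() helper is hypothetical.

```php
<?php
// Added example, not the original poster's code.
// Assumptions: users has UID, Username, NameChanges columns (as in the question),
// and auth.php has stored the logged-in row's UID in $_SESSION['UID'].
session_start();

function redirect(string $page, string $message): void {
    $_SESSION['updateresult'] = $message;   // store the message before redirecting
    header("Location: $page");
    exit;                                   // header() alone does not end the script
}

if (!isset($_SESSION['UID'])) {
    redirect('account-log-in-restricted.php', 'Please log in.');
}

$newName = trim($_POST['ingamename'] ?? '');
// Assumed name policy based on the form's "John_Doe" hint; adjust to the real rules.
if (!preg_match('/^[A-Z][a-z]{1,15}_[A-Z][a-z]{1,15}$/', $newName)) {
    redirect('ucp-home-error.php', '<strong>Error:</strong> Invalid name format.');
}

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors
try {
    $con = new mysqli('localhost', 'USERNAME', 'PASS', 'DB-NAME');
    $con->set_charset('utf8mb4');
    // One statement: rename and decrement together, only if a change is left.
    // The counter is read from the database, not from $_SESSION['nc'].
    $stmt = $con->prepare(
        'UPDATE users SET Username = ?, NameChanges = NameChanges - 1
         WHERE UID = ? AND NameChanges > 0'
    );
    $uid = $_SESSION['UID'];
    $stmt->bind_param('ss', $newName, $uid);  // values are bound, never interpolated
    $stmt->execute();
    $changed = ($stmt->affected_rows === 1);
    $stmt->close();
    $con->close();
} catch (mysqli_sql_exception $e) {
    error_log('name change failed: ' . $e->getMessage()); // log, do not echo DB errors
    redirect('ucp-home-error.php', '<strong>Error:</strong> Could not change name.');
}

if (!$changed) {
    redirect('ucp-home-error.php', '<strong>Error:</strong> You do not have any name changes left.');
}
$_SESSION['USERNAME'] = $newName;  // keep the session check in auth.php consistent
redirect('ucp-home-success.php', 'Your In-Game Name was changed successfully. Please re-log!');
```

Keying the UPDATE on UID rather than on the old username means the row is still found after the rename, and updating $_SESSION['USERNAME'] keeps the lookup in auth.php from failing on the next page load.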